CVE-2021-44031

Description

An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/{GUID}/{filename}.

References

https://support.quest.com/kace-desktop-authority/kb/336098/quest-response-to-desktop-authority-vulnerabilities-prior-to-11-2

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3

EPSS